Google Bug Bounty Debate

The cluster discusses Google's handling of a vulnerability report or security issue, focusing on payments, credits, potential massive costs like $7B, responsibility, fairness, and whether Google ripped off the reporter or paid adequately.

📉 Falling 0.4x Security

3,047

Comments

Years Active

Top Authors

#1075

Topic ID

Activity Over Time

2007

2008

2009

2010

2011

134

2012

145

2013

147

2014

126

2015

2016

109

2017

167

2018

234

2019

274

2020

263

2021

257

2022

256

2023

281

2024

221

2025

204

2026

Top Contributors

ocdtrekkie (18) tptacek (10) asdfasgasdgasdg (10) onetimemanytime (9) wmf (8)

Keywords

OP RSU IMO www.cnn AV1 index.html TIFF IRS google documents money revenue google google paid google wants million fined document

Sample Comments

patricksantana • Nov 15, 2012 • View on HN

A lot of money from Google. Is this not a problem?

aabhay • Jan 14, 2020 • View on HN

Google pays very dearly for that, btw

pekk • Mar 31, 2013 • View on HN

Question: will this cost Google $7B?

shostack • Feb 1, 2016 • View on HN

Is Google slapping them accordingly?

navigate8310 • Apr 29, 2025 • View on HN

So did you pay or Google showed you mercy by chewing their potential earnings?

chillfox • Sep 17, 2025 • View on HN

Sounds like something Google could solve with contracts and money if they wanted to.

eru • Aug 7, 2015 • View on HN

Sorry, I don't follow. How did Google rip anyone off here?

chii • Dec 29, 2019 • View on HN

tldr; google wants to reap the rewards, but externalize the costs.

rjh29 • Oct 14, 2023 • View on HN

That's kind of Google's intention. You are costing them money.

forgotpasswd3x • Oct 28, 2014 • View on HN

It's not like Google's just gifting them the money...